Ransom with a twist? - Page 4

Re: Ransom with a twist?

#17826 by markusg
Wed Jan 23, 2013 9:52 am

hehe, in german forums we have to tell bad news since 8 months :d

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Ransom with a twist?

#17978 by thisisu
Fri Feb 01, 2013 9:41 pm

Topic I am working here was infected by same encryption.

Traces of the ransom but file not found:

Code: Select all

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\oenoxsjo.exe) - File not found
O20 - HKU\S-1-5-21-1177238915-789336058-725345543-1003 Winlogon: Shell - (C:\DOCUME~1\Steve\LOCALS~1\Temp\zrzilhrxsjo.exe) - File not found

Attachments

MENU-LAMB-BURGERS.xls

encrypted
(18.52 KiB) Downloaded 38 times

Username

thisisu

Posts

362

Joined

Sun Feb 26, 2012 8:57 am

Contact

Re: Ransom with a twist?

#17980 by markusg
Fri Feb 01, 2013 9:55 pm

In germany we se such infection via e-mail, ask him perhaps for an mail from unknown person with attachment.

Username

markusg

Posts

737

Joined

Mon Mar 15, 2010 2:53 pm

Re: Ransom with a twist?

#18033 by thisisu
Mon Feb 04, 2013 10:47 pm

markusg wrote:In germany we se such infection via e-mail, ask him perhaps for an mail from unknown person with attachment.

I asked. It was from adult website.

Username

thisisu

Posts

362

Joined

Sun Feb 26, 2012 8:57 am

Contact